a rational explanation


Let me start with the story. A couple of months ago this issue was noticed in my office, which has a hybrid environment of vulnerable Windows and Ubuntu machines. IT policy required an anti-virus on Ubuntu, and McAfee had already been purchased. After installing McAfee on Ubuntu, we noticed that installing, uninstalling or reconfiguring other software with apt-*, Synaptic or the Software Center crashes the machine: it will not open any program, and if you reboot at that point it becomes completely unusable.
At that time I was not involved, and my fellow engineers and McAfee had identified why the machine was crashing. McAfee installs some loaders into the /lib folder, and these loaders abuse soname conversions like this.

If you use Synaptic, the Software Center, apt-get or any apt-* tool, the machine crashes and will not boot again. The same happens if you run ldconfig manually. To explain the issue I installed some software, then booted the machine from a live CD and mounted the HDD, and it was like this

You have probably understood the problem by now, and you can simply fix it using

$ sudo ln -snf i386-linux-gnu/ld-2.15.so ld-linux.so.2

Since this occurs after ldconfig runs, I looked into the ldconfig script and where it comes from. ldconfig comes with the libc-bin package, libc-bin comes with glibc, and it is compiled from the eglibc package, which I downloaded here for Ubuntu 12.04.

Inside the eglibc_2.15.orig.tar.gz package, ldconfig.c can be found in the eglibc-2.15/elf folder. In ldconfig.c I found that the dynamic linker is also considered a shared library: ldconfig looks for "ld-" and loads it.

Now I know the logic of the dynamic linker. At this stage I had 2 paths to solve this:
1. Change ldconfig.c, recompile and install (but obviously this breaks conventions and might disable future updates of ld-2.15.so)
2. Change the ldconfig script, which executes ldconfig.real

So I tried the 2nd option first.
The last line of the /sbin/ldconfig script was

exec /sbin/ldconfig.real "$@"

So I removed exec and added a line to re-create the broken link, so that it was like this

This worked for me, and I tried the 1st option as well.
I edited (direntry->d_name, "ld-", 3) != 0 to look not only for "ld-" but also for "ld-2", like this: (direntry->d_name, "ld-2", 4) != 0, and compiled.

Compilation was a little tricky; it took some time to fix dependencies with the configure script, make and make install. The README of eglibc warned that this might make your machine very unstable…!
But after some time I installed it and it worked; that machine still did not crash.
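
The 2nd option above (run ldconfig.real without exec, then restore the loader link) can be written as a small guard. This is an added example, not the author's script: the function names are made up here, and the link name and target are taken from the fix command earlier in the post. It assumes ln can still start after the link has been repointed, as the post reports for its own change.

```shell
#!/bin/sh
# Added example: guard the dynamic-loader symlink around an ldconfig run.
# LINK and TARGET come from the manual fix command in the post.
LINK=ld-linux.so.2
TARGET=i386-linux-gnu/ld-2.15.so

# Succeeds only if $1/$LINK is a symlink whose text is exactly $TARGET
# and the file it points to exists. $1 may be /lib or a mounted disk's lib.
loader_link_ok() {
    [ -L "$1/$LINK" ] || return 1
    [ "$(readlink "$1/$LINK")" = "$TARGET" ] || return 1
    [ -e "$1/$TARGET" ]
}

# Re-create the link the same way as the manual fix (ln -snf), inside $1.
repair_loader_link() {
    ( cd "$1" && ln -snf "$TARGET" "$LINK" )
}

# Usage: guarded_ldconfig LIBDIR COMMAND [ARGS...]
# Runs COMMAND (the real ldconfig), then verifies the link and repairs it
# if the run repointed it. Returns COMMAND's exit status.
guarded_ldconfig() {
    libdir=$1; shift
    status=0
    "$@" || status=$?
    if ! loader_link_ok "$libdir"; then
        echo "loader link now points to: $(readlink "$libdir/$LINK" 2>/dev/null)" >&2
        repair_loader_link "$libdir" || return 1
    fi
    return "$status"
}
```

In the wrapper script the last line would become guarded_ldconfig /lib /sbin/ldconfig.real "$@". From a live CD, loader_link_ok can be pointed at the lib directory of the mounted disk to check the link before rebooting.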